Forms of Attack on a Network (OCR GCSE Computer Science): Revision Notes

Forms of Attack on a Network

Several types of cyberattacks can threaten the security of networks and systems. Each attack exploits different vulnerabilities, and understanding how they work helps in preventing or mitigating their effects.

Different Forms of Attack

Malware

• Description: Malware is malicious software that can take various forms, including viruses, trojans, ransomware, and spyware.
• How it is used: Malware infects devices through downloads from suspicious emails, websites, or disguised within legitimate-looking software.
• Purpose: Malware aims to damage, disrupt, or gain unauthorised access to systems, often leading to data theft or financial gain for the attacker.

Social Engineering (e.g., Phishing)

• Description: Social engineering manipulates people into giving up sensitive information or performing unsafe actions, like downloading malicious software.
• How it is used: One common example is phishing, where attackers send fake emails pretending to be from trusted companies to trick users into revealing personal information (e.g., passwords or credit card details).
• Purpose: The goal is to gain access to personal data, steal identities, or install malware on the victim's system.

Brute-Force Attacks

• Description: Brute-force attacks involve trying every possible combination of passwords until the correct one is found.
• How it is used: Attackers use automated software to attempt multiple password combinations in a short period.
• Purpose: The aim is to gain unauthorised access to systems, accounts, or sensitive data by guessing the correct login credentials.

Denial of Service (DoS) Attacks

• Description: A DoS attack is designed to shut down or slow down a website, network, or service by overwhelming it with traffic.
• How it is used: Attackers flood a system with excessive requests, making it incapable of responding to legitimate users.
• Purpose: The main objective is to disrupt services and prevent users from accessing a website or network, often causing significant downtime.

Data Interception and Theft

• Description: This attack occurs when unauthorised individuals intercept data while it is being transmitted over a network.
• How it is used: Attackers use techniques such as packet sniffing to capture sensitive information (e.g., log in details or financial information) from network traffic.
• Purpose: The goal is to steal sensitive information that can be used for identity theft, fraud, or unauthorised access.

SQL Injection

• Description: SQL injection is a type of attack that targets databases by inserting malicious SQL code into input fields on websites.
• How it is used: Attackers exploit vulnerabilities in poorly designed forms or web applications to manipulate SQL queries, potentially gaining unauthorised access to the database.
• Purpose: The aim is to access, modify, delete, or insert data in a database, often for theft or to cause damage to the database.